// Trust & Security Report

    iLovePDF (Spain-based) logo

    iLovePDF (Spain-based)

    Cloud-based and desktop PDF editing tools suite including web app, desktop app, mobile apps, REST API, and electronic signature service (iLoveSign). Also offers image editing (iLoveIMG).

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO/IEC 27001:2022
    HELD

    Bureau Veritas certified that ilovepdf's Management System has been audited and found to be in accordance with ISO/IEC 27001:2022 for information security, cybersecurity and privacy protection management system supporting web services, REST API, desktop app, mobile app, electronic signature, cloud storage, and plugins. Certificate number ES149073-4, effective until 28-10-2025.

    Verify on ilovepdf.com
    GDPR Compliance
    HELD

    iLovePDF is fully GDPR compliant as a Europe-based company. Users have access, rectification, erasure, processing restrictions, and data portability rights. Data Protection Officer: Carlos Tortajada (privacy@ilovepdf.com).

    Verify on ilovepdf.com
    eIDAS Compliance (EU Electronic Signatures)
    HELD

    iLovePDF integrates services provided by Qualified Trust Service Providers (QTSP) under eIDAS, enabling electronic signatures and seals that adhere to highest standards of security and authenticity.

    Verify on ilovepdf.com
    > Show 6 unconfirmed / not-held certifications
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence of SOC 2 Type 2 certification found on vendor domain. Not mentioned in official security, privacy, or legal pages.

    source: ilovepdf.com
    HIPAA
    NOT CONFIRMED

    iLovePDF does not claim HIPAA compliance and offers no Business Associate Agreement. Healthcare workers should not use iLovePDF to process patient records or protected health information (PHI).

    PCI DSS
    NOT CONFIRMED

    No public evidence. Vendor uses Stripe (PCI Level 1 certified) for payments but states it does not collect payment information itself.

    source: ilovepdf.com
    ISO 27017 (Cloud data protection)
    NOT CONFIRMED

    No public evidence of ISO 27017 certification found on vendor domain.

    source: ilovepdf.com
    ISO 27018 (Cloud PII)
    NOT CONFIRMED

    No public evidence of ISO 27018 certification found on vendor domain.

    source: ilovepdf.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization found on vendor domain.

    source: ilovepdf.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    EU (Spain-based company, processes within EU infrastructure)

    Explicit commitment in privacy policy: 'ILOVEPDF DOES NOT USE YOUR CONTENT TO TRAIN, IMPROVE, OR DEVELOP ITS AI MODELS OR ANY THIRD-PARTY AI MODELS.' Company does not access, analyze, review, index, or carry out any other action on file contents except as necessary to provide requested PDF services.

    // Security controls

    Encryption in Transit

    HTTPS/TLS/SSL encryption for all file transfers. Data converted into 'totally incomprehensible, indecipherable characters' during transmission.

    ilovepdf.com

    Encryption at Rest

    End-to-end encryption from upload through delivery and processing

    ilovepdf.com

    Data Retention - Standard Files

    Automatically and permanently deleted within 2 hours of processing

    ilovepdf.com

    Data Retention - Signed Documents

    Retained for maximum of 5 years in compliance with legal requirements (eIDAS regulation)

    ilovepdf.com

    File Access Control

    iLovePDF staff cannot access file contents. Only the uploading user retains access.

    ilovepdf.com

    Two-Factor Authentication (2FA)

    Available to fortify user accounts with additional security layer, ensuring only authorized users can access accounts

    ilovepdf.com

    Data Usage

    iLovePDF does not access, use, analyze, or store any processed data. Does not sell data to third parties.

    ilovepdf.com

    Payment Processing

    Uses Stripe (PCI Level 1 certified). iLovePDF states it does not collect payment information directly.

    ilovepdf.com

    // Products & data scope

    iLovePDF WebPDF Tools (Web Application)

    data: Files uploaded for processing; auto-deleted within 2 hours

    Browser-based tool suite: merge, split, compress, convert, edit, sign, watermark, OCR, compare, redact, form detection, AI summarizer, translate PDF

    iLovePDF DesktopPDF Tools (Desktop Application)

    data: Local file processing with offline capability

    Windows/Mac application for batch editing and document management with no internet requirement

    iLovePDF MobilePDF Tools (Mobile Application)

    data: Mobile file processing

    iOS and Android applications for on-the-go PDF editing

    iLovePDF APIPDF Tools (Developer API)

    data: API access for custom PDF workflows

    REST API for developers to integrate PDF processing into applications

    iLoveSignElectronic Signatures

    data: Documents with signatures retained up to 5 years for legal compliance

    E-signature service integrated with eIDAS Qualified Trust Service Providers for secure electronic signatures and seals

    iLoveIMGImage Editing

    data: Image processing similar to PDF tools

    Separate product for image compression, resizing, enhancement with AI

    // What to watch

    • One third-party source (Nudge Security) mentioned SOC 2 compliance, but this could not be verified on official vendor domain pages. iLovePDF does NOT publicly advertise SOC 2 certification. Potential source confusion or outdated information.
    • No publicly accessible Data Processing Agreement (DPA) template on website, though GDPR compliance and DPA framework are implied. Organizations requiring formal DPA should contact vendor directly.
    • Files are still processed on vendor servers (not local-only), so customer data transits through iLovePDF infrastructure during processing despite encryption. Suitable for general documents but may not be acceptable for highly classified or restricted information.
    • Signed documents via iLoveSign are retained longer (up to 5 years), creating longer data exposure window than standard PDF processing (2 hours).
    • No advanced enterprise certifications (SOC 2, FedRAMP, ISO 27017/27018) that some large organizations require.

    // At a glance

    Pricing model

    Freemium (free web tools with limitations; premium subscription for advanced features, offline desktop, API)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on iLovePDF (Spain-based)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    ilovepdf.com

    > Browse all vendor trust reports